RE: Security Practices

From: Bryan McAninch (
Date: 05/17/05

    To: <>
    Date: Tue, 17 May 2005 12:24:39 -0500

    In cipher-block chaining (CBC) mode, each block of plaintext is XOR'd with
    the previous ciphertext block before being encrypted. Thus, up to that
    point, each subsequent ciphertext block is dependent upon all previous
    plaintext blocks. Conversely, counter (CTR) mode turns a block cipher into a
    stream cipher. It generates the subsequent keystream block by encrypting
    successive values of what is referred to as a counter. Which mode is more
    'appropriate' for your situation is dependent on your needs - generally
    speaking, I'd suggest using CBC.

    Use HMACs instead of MACs. HMACs are more secure since they are signed
    with a shared secret key. Also, if you can use SHA instead of MD5, that
    would be more secure as well.

    If possible, use RSA 4096 keys, and AES-256 in CBC mode paired with
    SHA-1/256/384/512 HMACs. If someone breaks that, find a new job - it's not
    worth your time and frustration to continue working in the infosec industry.

    -----Original Message-----
    From: David Busby []
    Sent: Tuesday, May 17, 2005 12:28 AM
    Subject: Security Practices

       I'm trying to get my sshd setup as secure as possible; some folks I
    know want to send financial data over this. Right now I've got 2048-bit RSA
    keys, aes256-cbc cipher (only), but all the MACs. I'm thinking that I'll
    make my key 4096 bits to add some security. Which cipher is the best? I
    picked AES256 cause I believe AES to be the best, 256 was the largest. What
    is the difference between CBC and CTR? MAC of hmac-md5 is the best choice
    there, correct? Assume best means most secure even at the sacrifice of
    performance. Thanks!

    imperium bin # ssh -V
    OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
    imperium bin # uname -a
    Linux imperium 2.6.10-gentoo-r6-edoceo #4 Sun May 1 03:48:25 PDT 2005
    i686 AMD Athlon(TM) XP 1700+ AuthenticAMD GNU/Linux
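
Added example, not part of the original thread or either poster's code: a sketch of the CBC/CTR difference described in the reply, showing which ciphertext blocks change when a single plaintext block changes. `toy_encrypt_block` is a hypothetical HMAC-based Feistel stand-in for AES (not secure), and the key and messages are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16  # bytes, the AES block size

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel permutation standing in for AES (NOT secure)."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> list:
    """C_i = E(P_i XOR C_{i-1}), with C_0 = IV: each block chains on the last."""
    prev, out = iv, []
    for p in split_blocks(plaintext):
        prev = toy_encrypt_block(key, xor(p, prev))
        out.append(prev)
    return out

def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> list:
    """C_i = P_i XOR E(nonce || i): the keystream never sees the plaintext."""
    out = []
    for i, p in enumerate(split_blocks(plaintext)):
        keystream = toy_encrypt_block(key, nonce + i.to_bytes(8, "big"))
        out.append(xor(p, keystream))
    return out

def changed_blocks(encrypt, key, iv, pt_a, pt_b) -> list:
    """Indices of ciphertext blocks that differ between two plaintexts.
    The IV/nonce is reused here only to make the two runs comparable;
    real use needs a fresh IV/nonce for every message."""
    a, b = encrypt(key, iv, pt_a), encrypt(key, iv, pt_b)
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

# Constructed sample input: four 16-byte blocks, differing only in block 1.
KEY = b"constructed-demo-key"
MSG_A = b"A" * 16 + b"B" * 16 + b"C" * 16 + b"D" * 16
MSG_B = b"A" * 16 + b"X" * 16 + b"C" * 16 + b"D" * 16

if __name__ == "__main__":
    print("CBC:", changed_blocks(cbc_encrypt, KEY, bytes(16), MSG_A, MSG_B))
    print("CTR:", changed_blocks(ctr_encrypt, KEY, bytes(8), MSG_A, MSG_B))
```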

